Editorial team

NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days

Botconf 2020 Friday | 13:30 – 14:00 Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue

NanoCore RAT, which first appeared in 2013, is still actively used in 2020 for its highly functional and user-friendly interface. Around February to March in […]

It Hurt Itself in Confusion: No distribute scanners and stealthy malware

Botconf 2020 Friday | 14:00 – 14:20 Liv Rowley 🗣 | Mathieu Gaucheler 🗣

No distribute antivirus scanners (NDSs) provide cybercriminals with the ability to test the stealthiness of their malware before ever using it. As NDSs do not distribute hashes, they’re the ideal cybercriminal testing

Building and maintaining a honeypot for medical devices

Botconf 2020 Friday | 14:20 – 14:50 Axelle Apvrille 🗣

As confinement against COVID-19 began, I decided to do my part and help secure medical devices. I built a honeypot for medical devices, both to lure attackers off real equipment and to learn how they intended to

Tracking Unsafe Services that are Hosted by Bots using IP Reputation

Botconf 2020 Tuesday | 13:10 – 13:30 Asaf Nadler 🗣 | Jordan Garzon 🗣

In this talk, we present a system to identify and track unsafe services that are hosted on bots. The system operates by identifying services whose hosting IP address was marked as a

Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019 Thursday | 14:55 – 15:20 Kirill Shipulin 🗣 | Alexey Goncharov 🗣

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our

BackSwap Malware Campaign Evolution

Botconf 2019 Thursday | 15:20 – 15:40 Carlos Rubio Ricote 🗣 | David Pastor Sanz 🗣

This article will explain in detail the follow-up since the BackSwap malware was discovered in May 2018, as well as the different campaigns that the group behind BackSwap has carried out towards financial institutions from different countries,

Winnti Arsenal: Brand-new Supplies

Botconf 2019 Thursday | 16:10 – 16:50 Mathieu Tartare 🗣 | Marc-Étienne Léveillé 🗣

This presentation is the result of a long-term research uncovering new unpublished details on the arsenal of the Winnti umbrella. The Winnti umbrella consists in multiple threat actors having in common the use of a custom backdoor for their

DFIR & Crisis Management – Post-mortems & Lessons Learned in the Pain from the Field

Botconf 2019 Thursday | 16:55 – 17:45 Vincent Nguyen 🗣 | Jean Marsault 🗣 | Antoine Vallée 🗣

This presentation aims to summarize the best wins & fails of crisis management based on our field experience. We will cover different phases of a crisis
